As a part of security assessment of cloud based apps/ infrastructure we always face a challenge in scanning the servers in the cloud. Few of them are:
- Obtaining/ managing credentials always an headache
- Not ideal for cloud solutions
- Requires target machines to be always online
The limitations of the scanners:
- Traditional infrastructure scanners such as Nessus are of not much use
- Sometimes the scanners does not report vulnerabilities correctly due to many issues such as machines frequently go down while scan is in process, some firewall issues etc
We need a solution which is rather than we scanning the target servers, it resides on the server and keep doing the scanning and sends the report back to the organization periodically. And here comes the concept of 'Agent based clod scanning'.
The benefits are:
- Rather than targeting the remote servers in the traditional approach, the agents installed on the servers keep on doing the scans and sends the periodic reports
- Can run offline and syncs when becomes online
- It helps reducing the network congestion
- Enumerates Bluetooth, USB devices and mounted shares
- Detects malwares and suspicious processes
Nessus recently launched such tool called, Nessus Agents which fulfills above conditions.